Re: RES: [squid-users] block https requests

From: Matus UHLAR - fantomas <uhlar_at_fantomas.sk>
Date: Wed, 17 Dec 2008 17:01:43 +0100

On 16.12.08 13:51, Ricardo Augusto de Souza wrote:
> I AM used to block sites using:
>
>
> acl bad_sites dstdomain "/etc/squid/bad_sites.txt"
>
> http_access deny bad_sites
>
>
>
> With this my users cannot access all domains listed in
> "/etc/squid/bad_sites.txt" using http but they can access using https.

squid does not see what's in https requests, they are encrypted. That's what
the "s" means (secure): only client and server know what's inside, nobody
else.

you can disable CONNECT method to those hosts. You may need to disable
CONNECT to IP addresses.

Or you may do an MITM attack and use sslbump (which means, https won't be
secure anymore for your clients). Clients will detect it - they will see
certificate mismatch (since you won't be able to provide anyone's
certificate but yours)

> How do I solve this?

disable https?

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Support bacteria - they're the only culture some people have. 
Received on Wed Dec 17 2008 - 16:01:57 MST
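
The reply above suggests denying CONNECT to the listed hosts and to IP addresses. The following is an added example, not part of the original message and not Squid's own code: a simplified Python model of the only thing a proxy can decide on for https, the `host:port` in the CONNECT request line. The function names and the sample blocklist are hypothetical and constructed for illustration; the leading-dot matching is modelled on dstdomain-style lists.

```python
import ipaddress

# Constructed sample blocklist in the style of a dstdomain file:
# a leading dot matches the domain itself and all of its subdomains.
BAD_SITES = [".example.com", "ads.example.net"]

def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit():
        return None
    # Drop IPv6 brackets and a trailing root dot before comparing.
    return host.strip("[]").lower().rstrip("."), int(port)

def is_ip_literal(host):
    """True when the CONNECT target is a raw IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_matches(host, entry):
    """dstdomain-style match: '.x.tld' covers x.tld and its subdomains."""
    entry = entry.lower()
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def decide(request_line, bad_sites=BAD_SITES):
    """Classify a request line the way a deny-CONNECT policy would."""
    target = parse_connect(request_line)
    if target is None:
        return "not-connect"      # plain http: handled by the usual URL rules
    host, _port = target
    if is_ip_literal(host):
        return "deny-ip"          # no name to check, so refuse the tunnel
    if any(domain_matches(host, e) for e in bad_sites):
        return "deny-domain"
    return "allow"                # tunnel opens; contents stay opaque
```

Everything after an allowed CONNECT is encrypted between client and server, so the host name is the last point at which the proxy can apply the list.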
